b'INVESTIGATIVE MEMORANDUM ON\nMANAGEMENT ISSUES (G-376)\n                                                                   October 27, 2003\n\nTo:    Kenneth Fogash\n       James McConnell\n\nFrom: Walter Stachnik\n\nRe:    Web-Based E-Mail Accounts (OIG-376)\n\nDuring several investigations recently conducted by the Office of Inspector General\n(including OIG-376), it came to our attention that the employees under investigation had\nroutinely (i.e., almost daily) accessed web-based e-mail accounts from Commission\ncomputers. These employees informed us that they believed that the majority of\nCommission staff routinely accessed web-based e-mail accounts from Commission\ncomputers.\n\nCommission staff have previously been informed in e-mail messages and in training\nsessions that access to web-based e-mail accounts from SEC computers is prohibited in\norder to guard against viruses. However, we found during our investigations that staff\nappear to be confused as to whether accessing web-based e-mail accounts from\nCommission computers is permitted. This confusion appears to be due, at least in part, to\ne-mails informing employees that SEC access to web-based e-mail services, such as\nHotmail, would be blocked until anti-virus software was updated. Staff told us that they\nassumed that, once the block was removed, they would be permitted to access web-based\ne-mail accounts from Commission computers.\n\nDue to the current confusion among staff concerning web-based e-mail accounts,\nCommission controls in this area should be improved.\n\nRecommendation A\n\nThe Office of Information Technology, in consultation with the Office of Executive\nDirector, should consider placing a permanent block that would prevent Commission\nemployees from accessing web-based e-mail services from Commission computers.\nAlternatively, the Commission policy prohibiting employees from accessing web-based\ne-mail accounts from Commission computers should be clarified and issued to all staff.\n\nOIT provided comments in response to a draft of this memorandum. See Attachment 1.\nIn accordance with the above recommendation, OIT has considered whether it should\nplace a permanent block on access to web-based e-mail accounts from Commission\ncomputers and has determined that a complete block of access to web-based e-mail\n\x0caccounts is not warranted. Moreover, at this time, OIT does not have the ability to make\ngranular restrictions on use of web-based e-mail. In addition, OIT has complied with the\nalternative recommendation above by issuing a notice to staff regarding the use of web-\nbased e-mail. See Attachment 2.\n\ncc:    Darlene Pryor\n       Peter Derby\n       Mark Brickman\n\n\n\n\n                                                                                       2\n\x0c'